Messaging Gateway

Hi,

I admin a server which has been running fine for 9  months, but 2 weeks ago started failing on sending emails to any hotmail addresses.

The server is not performing any spamming or bulk email activities at all - just the normal day-to-day activities of a real estate agent.

The Microsoft SNDS page informs that Brightmail is blocking with a bad IP reputation (5.77.49.11)

I've been through the FAQ and nothing is relevant. Basically I'm at a loss with this and losing business due to failing with all outbound emails to hotmail accounts.

My ISP is drawing a blank and I really need to resolve this - but as I'm not a symantec customer, I cannot get support via the normal support process despite spening an hour and a half on the phone

I'd be really grateful if someone could point me in the right direction to be able to speak to someone to get an insight on what I need to do to clear this up.

Thx,

Simon

Have you checked your own IP Addresses against blacklists to check whether you are seen as bad and in case try to get in touch with the owners to get removed from these? Maybe you can find out why you have been blacklisted or why your emails may look like spam(have you processed these through your own antispam engine)

Have you contacted hotmail to help you in case as these major msp's have a process for such use cases.

Hope this helps

toby

Yes, Done all of that.

I've ran checks on three or four sites which aggregate 100+ RBL's and I'm clear on all.

Hotmail just recommends you join an anti-spam program (done) and sends you to register with SNDS (done) - which then sends you to the symantec brightmail IP reputation investigation.

The RBL/filter which is blocking emails is always the symantec brightmail one. Following this mechanism leads to the IP reputation investigation page on the Symantec site. This is the process I have followed 8 or 9 times now. It works, clears the block and then 24h later, I'm back to square one with the same scenario.

So something is definately triggering the brightmail filter, and only the brightmail filter.

I'm really at a loss as to how I can progress this. I've had several transatlantic phone calls with Symantec tech. support which never lead anywhere as they won't provide support (I'm not a customer, just an affected party!!). 

Frankly this attitude is ridiculous as Symantec should further qualify their blocking. It's not just my IP whose reputation is suffering here!

Hello sj7272,

The Symantec Messaging Gateway appliance uses the Symantec Global IP Reputation system, but product support doesn't have direct access to it. However, I have brought your issue to the proper team and they are investigating the circumstances. Your situation should be resolved.

Regards,

Art

The following explains how to request removal of an IP from Symantec's reputation list and info around how IPs get listed:

http://ipremoval.sms.symantec.com/lookup/ 

This page explains how to request an investigation when Symantec is blocking a legitimate bulk mailing:

http://www.symantec.com/docs/TECH82881

Thanks,

Scott

I'm am having the same identical problem as you are with Brightmail - did you ever find a way to reach someone to do a true investigation?   I am having to fill out the "investigate" form on the Symatec site daily for 2 IP addresses, and cannot get any response.

Hello Art

We send emails from 2 IP addresses - and we keep getting blocked daily by your Brightmail product (and therefore by Hotmail as well).  Then we are unblocked after I fill out the investigate form (I've done that 7 times so far) and then re-blocked. .   Both IPS have Sender Scores in the high 90's and neither appear on any blacklists according to MXToolbox (except evidently yours)   The first is 67.91.239.149.   The emails sent from this are sent to our paid customers(!) and also to jobseekers that sign up on our site.   All emails contain unsubscribe instructions.   The second ip is 67.91.239.153 which is our bulk email server - we send jobseeker and recruiter newsletters once weekly from this server,  all sign-ups are opt in, and all the newsletters have an unsubscribe link.

Can you please let me know how to get a real investigation done so we can get our IP's cleared?   This is a serious issue - some of our paying customers use Hotmail for their email address and job applications to them are getting blocked (Note we are definitely getting blocked at  because of Brightmail).

I'd really appreciate any guidance on this - I'm going to lose some of my paying customers if I can't get it resolved.   I'd be happy to forward you samples of every email that goes from these ip addresses

Hello nettemps,

I apologize for the delay in response, I do not visit these forums often. ScottSwett's response below (https://www-secure.symantec.com/connect/forums/recurring-bad-ip-reputation#comment-9098251) is the appropriate response to this issue that includes the necessary steps for further investigation. Those are the steps to take for anyone encountering this issue.

Regards,
Art

Hi,

I am facing this problem now. Everyday, I have to access http://ipremoval.sms.symantec.com/lookup/ to remove my company IP address. 

So far, can anyone shed light on the outcome from Symantec guys on this.

This is getting on my nerves.

Regards

Hi Eric -

Try emailing investigatoin@review.symantec.com   with all details.  I sent them samples of every email we send, along with the block messages we found in our mail logs.

 I eventually got unblocked, although it took about 3 weeks.   As I recall, I emailed them daily:)     I also filled out every form I could find on their site, and did use the online form referenced above to submit sample emails (that didn't work well at all as far as I could tell).

My mailserver can NOT send out mails to hotmail/live/... because of the Symantec Brightmail filter KEEPS adding my full IP block received from my hosting provider (already received a new IP block few months ago, with the same result).

After months of contacting outlook.com support, join an anti-spam program, register with SNDS and constantly delisting my IP's at the reputation form my situation is STILL the same. My IP's keep getting listed and my customers on that server (around 35) can not send mail to outlook/hotmail/live/... email addresses most of the time. Because of this, customers are getting tired of the bounce messages and are terminating their contracts with my company.

Is there any way I can get this investigated my Symantec and finally have this issue resolved for good? My server is NOT compromized and it does not sent out more then 120-180/mails daily. All actions by IT technicians and system administrators have been taken (even the server went fully reloaded and all accounts where manually added again and checked for behavior and mailing stats).

It is a time consuming process that is costing me money. Please help me out here, I am so glad I found this page where more people are having this same issue. If I -atleast- know what is triggering the filter I can take steps to be delisted permanently.

Is there an API and documentation on how to submit IPs/URLs to the IP reputation investigation service?

http://ipremoval.sms.symantec.com/lookup/

Here is our knowledgebase document on submitting missed spam: http://www.symantec.com/docs/TECH83081

We do not accept raw IP address submissions.